Community discussions

MikroTik App
  4. RouterOS
  5. General

Redirect some ports passthroug the firewall for camera aplic

Post Reply
 
kavarnik
just joined
Topic Author
Posts: 4
Joined: Sat May 20, 2006 2:49 pm

Redirect some ports passthroug the firewall for camera aplic

Sat May 20, 2006 2:57 pm

Hello friends,

for some help I offer free room in Prague for visit (2 days only)....:-))

can someone help with passthrough of about 8 ports for an very usual webcamera. This camera is located in the local network and I need it at the IP 195.47.41.72 direct, without any ports, someting like a Virtual web server.

to access the server:
195.47.41.72
user barmani
password wifi

It is already something in the section firewall /NAT, but nothing is working.

Thanks for help

Fewo
Top
 
Valodja
just joined
Posts: 20
Joined: Sat May 20, 2006 4:14 am

Sat May 20, 2006 3:33 pm

not enought permisions.
192.168.1.251 - this is IP where camera is connected?
if Yes, please try:
Code: Select all
add chain=dstnat dst-address=195.47.41.72 protocol=tcp dst-port=0-65535 action=dst-nat to-address=192.168.1.251 to-port=0-65535
Top
 
kavarnik
just joined
Topic Author
Posts: 4
Joined: Sat May 20, 2006 2:49 pm

Hello VAlodja

Sun May 21, 2006 10:01 am

Hello Valodja

I did what you said, extended it to 6550, because this is the last port i need for this camera, and it doesnt work.

I need only to get through all this ports from the router behind to this ip 195.47.41.72.
Top
 
Valodja
just joined
Posts: 20
Joined: Sat May 20, 2006 4:14 am

Sun May 21, 2006 11:23 am

You can disable this new rule anytime so please try excatly what I gave.
Top
 
ceacu
just joined
Posts: 8
Joined: Tue Nov 08, 2005 12:22 am

Mon May 22, 2006 8:27 pm

Better change:
add chain=srcnat src-address=0.0.0.0/0 dst-address=0.0.0.0/0 action=masquerade comment="" disabled=no
to:
add chain=srcnat out-interface=WAN-LAN1 action=masquerade comment="" disabled=no
or better:
add chain=srcnat out-interface=WAN-LAN1 action=src-nat to-addresses=195.47.41.72 comment="" disabled=no
because the fist rule is acting on ALL interfaces.
then suppose that your camera service is on address 192.168.1.251 on ports xxxx-yyyy protocol TCP on Local-LAN2 interface:
add chain=dstnat in-interface=WAN-LAN1 dst-address=195.47.41.72 protocol=tcp dst-port=xxxx-yyyy action=dst-nat to-addresses=192.168.1.251 to-ports=xxxx-yyyy comment="apcko belidlo" disabled=no
if you want the camera services to be accessible from public (internet) side on public address 195.47.41.72:xxxx-yyyy
or:
add chain=dstnat in-interface=!Local-LAN2 dst-address=195.47.41.72 protocol=tcp dst-port=xxxx-yyyy action=dst-nat to-addresses=192.168.1.251 to-ports=xxxx-yyyy comment="apcko belidlo" disabled=no
if you want the camera to be accesible from WAN (internet) and also from the other LAN's.
you have to make the NAT rules very explicit by specifying the interface on wich the rules are to act otherwise you will find some unexpected results.
Remove all other rules.
Don't specify the source port (because is in general an ephemeral port).
Top
Post Reply
  4. RouterOS
  5. General